Commit a63f9887 authored by Dan Fandrich's avatar Dan Fandrich
Browse files

Fixed a bug whereby a received file whose length was a multiple of 

512 bytes could have random garbage appended.  Also, stop processing TFTP
packets which are too short to be legal.
parent 1282aad4

lib/tftp.c

+33 −23
Original line number Diff line number Diff line
@@ -656,11 +656,20 @@ CURLcode Curl_tftp(struct connectdata *conn, bool *done) 
        state->remote_addrlen = fromlen;

      }



      /* Sanity check packet length */

      if (state->rbytes < 4)

      {

        failf(conn->data, "Received too short packet\n");

        /* Not a timeout, but how best to handle it? */

        event = TFTP_EVENT_TIMEOUT;

      } else {



	/* The event is given by the TFTP packet time */

	event = (tftp_event_t)ntohs(state->rpacket.event);



	switch(event) {

	case TFTP_EVENT_DATA:

	  if (state->rbytes > 4)

	    Curl_client_write(data, CLIENTWRITE_BODY,

			  (char *)state->rpacket.u.data.data, state->rbytes-4);

	  break;
@@ -681,6 +690,7 @@ CURLcode Curl_tftp(struct connectdata *conn, bool *done) 
	Curl_pgrsUpdate(conn);



      }

    }



    /* Check for transfer timeout every 10 blocks, or after timeout */

    if(check_time%10==0) {